You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

The following I had posted in the Window XP Home and Pro which explains my situation.

Hi all, I have a friends computer that I've spent the last three days getting rid infections because there hasn't been any protection for the last year and defragging the hdd which had never been defragged. After three days of playing with this I've run out of energy to pursue this so I'm asking for help, I have everything running smoothly now except for two error messages that are appearing on the desktop when starting, these are:

1) This application has failed to start because MFC71.DLL was not found.Reinstalling the application may fix this.

2) Error loading C:\WINDOWS\system32\j0221439.dll

The OS used is XP Home, my question is can I use the repair disc to fix these, and do I have to use the specific disc that came with the computer or can I use mine?

Are alternatives for restoring these?

I will appreciate any help that I can get, I'm so close to having this done.

jwinathome responded with the suggestion that I post a HJT log, so here it is. If this doesn't work I may take this computer down to the river and baptize it.

Edit: I forgot to mention I ran scans with AVG, Adaware, Spybot S&D, Asquared, and Ccleaner. All definitions are current, when I ran Adaware there were 901 items found.

1. Double click on combo.exe and follow the prompts.2. When finished, it will produce a logfile located at C:\ComboFix.txt.3. Post the contents of that log in your next reply with a new HijackThis log.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

• Post back with the log from Superantispyware, the C:\ComboFix.txt log and a new HijackThis log.

Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt C:\Documents and Settings\Owner\Cookies\owner@1061917247[1].txt C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt C:\Documents and Settings\Owner\Cookies\owner@1072556060[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@1.primaryads[2].txt C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@btg.btgrab[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@cliks[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt C:\Documents and Settings\Administrator\Cookies\administrator@emarketmakers[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@offeroptimizer[1].txt C:\Documents and Settings\Guest\Cookies\guest@ad.zanox[1].txt C:\Documents and Settings\Guest\Cookies\guest@adknowledge[2].txt C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt C:\Documents and Settings\Guest\Cookies\guest@affiliate.budsinc[2].txt C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt C:\Documents and Settings\Guest\Cookies\guest@banner[1].txt C:\Documents and Settings\Guest\Cookies\guest@belnk[1].txt C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt C:\Documents and Settings\Guest\Cookies\guest@cpacampaigns.directtrack[2].txt C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[1].txt C:\Documents and Settings\Guest\Cookies\guest@data2.perf.overture[2].txt C:\Documents and Settings\Guest\Cookies\guest@data4.perf.overture[2].txt C:\Documents and Settings\Guest\Cookies\guest@directtrack[1].txt C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[2].txt C:\Documents and Settings\Guest\Cookies\guest@i.screensavers[2].txt C:\Documents and Settings\Guest\Cookies\guest@icc.intellisrv[2].txt C:\Documents and Settings\Guest\Cookies\guest@kanoodle[1].txt C:\Documents and Settings\Guest\Cookies\guest@login.tracking101[2].txt C:\Documents and Settings\Guest\Cookies\guest@neuroticmedia[1].txt C:\Documents and Settings\Guest\Cookies\guest@nextag[2].txt C:\Documents and Settings\Guest\Cookies\guest@qnsr[1].txt C:\Documents and Settings\Guest\Cookies\guest@scavenger.contagiousmedia[1].txt C:\Documents and Settings\Guest\Cookies\guest@screensavers.us.intellitxt[1].txt C:\Documents and Settings\Guest\Cookies\guest@smileycentral[1].txt C:\Documents and Settings\Guest\Cookies\guest@starware[2].txt C:\Documents and Settings\Guest\Cookies\guest@web.neuroticmedia[1].txt C:\Documents and Settings\Guest\Cookies\guest@winantispyware[1].txt C:\Documents and Settings\Guest\Cookies\guest@winfixer[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.medialunchbox[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.precisioncounter[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.screensavers[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.sexbuddies[2].txt C:\Documents and Settings\Guest\Cookies\guest@www.thespyguard[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.winfixer[1].txt C:\Documents and Settings\Guest\Cookies\guest@xiti[1].txt

Save this as CFScript.txtAs in the above picture, drag CFScript.txt into ComboFix.exeThis will cause ComboFix to produce another log.Post the log in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

• Please upload this file to Jotti's Online Virus ScanC:\WINDOWS\system32\ofvumn.exe- Click the link above- Click "Browse" at the top of the page- Navigate to C:\WINDOWS\system32\ofvumn.exe- Click "Open" and let the scan finish- Copy/paste the results in your next reply.

• Lastly, open Notepad and copy and paste the following bold part in it exactly as shown:dir C:\WINDOWS\system32\n?lookup.exe /a h > look.txtstart notepad look.txt- Save this as look.bat, choose to save as "all files" and save it on your Desktop- Double-click look.bat and Notepad will open with the contents.- Copy and paste the contents in your next reply.

It may not be listed in Add/Remove Programs since it's adware. It appears that you had stopped it from running via MSConfig. The folder will be removed anyway in a later step, so just skip the Add/Remove Programs step and keep going.

What also would help is when you find the file, right-click onto it and select Properties > click the Version tab and see if it lists a company under Other version information. Then you can scan it at Jotti's.

• Start HijackThis, click System Scan Only and place a checkmark next to the following item:O4 - HKLM\..\Policies\Explorer\Run: [ofvumn] C:\WINDOWS\System32\ofvumn.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

• You have an outdated version of Java which, because of security reasons, needs to be updated. Java releases updates because of discovered exploits. To update Java:- Download the latest version of Java Runtime Environment (JRE) 6u2 from HERE- Close any programs you may have running - especially your web browser.- Go to Start > Control Panel > Add/Remove Programs and remove ALL older versions of Java by checking any item, one at a time, with Java Runtime Environment (JRE or J2SE) in the name. It should have this icon next to it.- For each item that you check, click the Remove or Change/Remove button.- Repeat as many times as necessary to remove ALL of the Java versions.- REBOOT your computer once ALL Java components are removed.- Then from your Desktop, double-click on the newly-downloaded Java file to install the newest version.

• Download and scan with CCleaner.1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.2. Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours3. Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the "Internet Explorer" section.

Clean all the entries in the "Windows Explorer" section.

Clean all entries in the "System" section.

Clean all entries in the "Advanced" section.

Clean any others that you choose.

In the Applications Tab:

Clean all entries in the Firefox/Mozilla section if you use it.

Clean all in the Opera section if you use it.

Clean Sun Java in the Internet Section.

Clean any others that you choose.

3. Click the "Run Cleaner" button.4. A pop-up box will appear advising this process will permanently delete files from your system.5. Click "OK" and it will scan and clean your system.6. Click "exit" when done.

• Perform an onlinescan with Panda Online. ActiveScan does not remove adware/spyware but will autoclean for viruses and worms.You have to use Internet Explorer for this scan.- Once you are on the Panda site click the Scan your PC button- A new window will open- Fill in your registration and click the Check Now button- If it wants to install an ActiveX component, allow it- A new window will appear asking "Do you want to install this software?"" Name: asinst.cab- Click Install- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)- When the download is complete, click on Local Disks to start the scan- When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.

Panda didn't turn up anything, if you need the log I'll send it. I wound up having to work today so I couldn't get to this till this evening, and to compound this I'm on a dialup connection so those downloads you want took time. I will never do this for a friend again without broadband.

These files probably were already deleted since Panda didn't show anything. However, let's double-check to be on the safe side, so navigate to and delete the following files if present:C:\WINDOWS\system32\Drivers\DP.sysC:\WINDOWS\system32\qassbvur.exeC:\WINDOWS\system32\vurikwtn.dllC:\WINDOWS\system32\pcapynuj.dll

Your log looks clean. You can delete the ComboFix.exe file; the C:\ComboFix folder; the C:\QooBox folder; the C:\ComboFix-quarantined-files.txt and the C:\combofix.txt log that were created.

• Please set your system to hide system files.- Go to Start and open My Computer- Select the Tools menu and click Folder Options.- Select the View Tab and, under Hidden files and folders, check Do not show hidden files and folders- Check Hide file extensions for known file types- Check Hide protected operating system files (Recommended)- Click Apply, then OK.

• If you have not done so, please empty your Recycle Bin.

• Create a new Restore Point:- Go to Start > All Programs > Accessories > System Tools > System Restore.- When the utility opens, select "Create a new restore point" and click Next- Name the restore point - something like "After infection cleaned" or "After cleaning"- Click Create.

• Delete the old Restore Points:- Go to Start > All Programs > Accessories > System Tools > Disk Cleanup. Click Ok. - Click the "More Options" tab.- Where it states "System Restore" - click Clean up.- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

• To keep this clean in the future, I would suggest the following things:

• Install Spywareblaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

• Install IE-SPYAD puts over 20,000 sites in your restricted zone, so you will be protected when you visit innocent-looking sites that are not actually innocent at all.

* Avoid illegal sites because that's where most malware is present.* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.